In wireless communication systems, the ability to provide secure and confidential transmissions becomes a highly important task as these systems move towards the next generation of data services. Secure wireless transmissions may be achieved by applying confidentiality and integrity algorithms to encrypt the information to be transmitted. For example, the Global System for Mobile Communication (GSM) uses the A5 algorithm to encrypt both voice and data and the General Packet Radio Service (GPRS) uses the GEA algorithm to provide packet data encryption capabilities in GSM systems. The next generation of data services leading to the so-called third generation (3G) is built on GPRS and is known as the Enhanced Data rate for GSM Evolution (EDGE). Encryption in EDGE systems may be performed by either the A5 algorithm or the GEA algorithm depending on the application. One particular EDGE application is the Enhanced Circuit Switch Data (ECSD).
There are three variants of the A5 algorithm: A5/1, A5/2, and A5/3. The specifications for the A5/1 and the A5/2 variants are confidential while the specifications for the A5/3 variant are provided by publicly available technical specifications developed by the 3rd Generation Partnership Project (3GPP). Similarly, three variants exist for the GEA algorithm: GEA1, GEA2, and GEA3. The specifications for the GEA3 variant are also part of the publicly available 3GPP technical specifications while specifications for the GEA1 and GEA2 variants are confidential. The technical specifications provided by the 3GPP describe the requirements for the A5/3 and the GEA3 algorithms but do not provide a description of their implementation.
Variants of the A5 and GEA algorithms are based on the KASUMI algorithm which is also specified by the 3GPP. The KASUMI algorithm is a symmetric block cipher with a Feistel structure or Feistel network that produces a 64-bit output from a 64-bit input under the control of a 128-bit key. Feistel networks and similar constructions are product ciphers and may combine multiple rounds of repeated operations, for example, bit-shuffling functions, simple non-linear functions, and/or linear mixing operations. The bit-shuffling functions may be performed by permutation boxes or P-boxes. The simple non-linear functions may be performed by substitution boxes or S-boxes. The linear mixing may be performed using XOR operations. The 3GPP standards further specify three additional variants of the A5/3 algorithm: an A5/3 variant for GSM, an A5/3 variant for ECSD, and a GEA3 variant for GPRS (including Enhanced GPRS or EGPRS).
The A5/3 variants for GSM and ECSD may utilize the KASUMI algorithm in an Output Feedback Mode (OFB) as a keystream generator. All three variants of the A5/3 algorithm may be specified in terms of a general-purpose keystream function KGCORE. The individual encryption algorithms for GSM and ECSD may be defined by mapping their corresponding inputs to KGCORE function inputs, and mapping KGCORE function outputs to outputs of each of the individual encryption algorithms. The heart of the KGCORE function is the KASUMI cipher block, and this cipher block may be used to implement the A5/3 algorithm.
Implementing the variants of the A5/3 algorithm directly in an A5/3 algorithm block or in a KGCORE function block, however, may require ciphering architectures that provide fast and efficient execution in order to meet the transmission rates, size and cost constraints required by next generation data services and mobile systems. Because of their complexity, implementing the variants of the A5/3 algorithm in embedded software to be executed on a general-purpose processor on a system-on-chip (SOC) or on a digital signal processor (DSP), may not provide the speed or efficiency necessary for fast secure transmissions in a wireless communication network. Moreover, these processors may need to share some of their processing or computing capacity with other applications needed for data processing and/or transmission, further limiting processing resources available for encryption applications. The development of cost effective integrated circuits (IC) capable of accelerating the encryption and decryption speed of the GSM and EDGE variants of the A5/3 algorithm is necessary for the deployment of next generation data services.
Further limitations and disadvantages of conventional and traditional approaches will become apparent to one of skill in the art, through comparison of such systems with some aspects of the present invention as set forth in the remainder of the present application with reference to the drawings.